
Cooking with Chef: Create private and public subnet EC2 instances in a VPC with Knife

In order to access your AWS instance in a VPC private subnet you need a bastion host (NAT instance). The setup of a bastion is quite easy as described here.

One important remark: don’t forget to add an outbound (egress) rule to the NAT security group (NATSG) to allow SSH traffic.
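One way to confirm that the egress rule is in place is to inspect the security group description. The following is an added example, not code from the original post: it checks `aws ec2 describe-security-groups`-style JSON for an outbound rule covering TCP 22 to the private subnet. The sample JSON, the group ID `sg-EXAMPLE` and the subnet CIDR `10.0.1.0/24` are constructed placeholders.

```python
import copy
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# The group ID and all CIDRs are placeholders, not values from the article.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "GroupName": "NATSG",
  "IpPermissionsEgress": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]}
""")
PRIVATE_SUBNET = "10.0.1.0/24"  # assumed private subnet CIDR

def covers_port(rule, port):
    """True if the rule's protocol and port range include TCP `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "-1" means every protocol and port
        return True
    if proto not in ("tcp", "6"):
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]

def ssh_egress_cidrs(group, private_subnet, port=22):
    """Egress CIDRs in `group` that allow TCP `port` to the whole subnet."""
    # Only CIDR destinations are checked; rules that name a destination
    # security group (UserIdGroupPairs) are not evaluated here.
    subnet = ipaddress.ip_network(private_subnet)
    hits = []
    for rule in group.get("IpPermissionsEgress", []):
        if not covers_port(rule, port):
            continue
        for rng in rule.get("IpRanges", []):
            if subnet.subnet_of(ipaddress.ip_network(rng["CidrIp"])):
                hits.append(rng["CidrIp"])
    return hits

if __name__ == "__main__":
    natsg = SAMPLE["SecurityGroups"][0]
    print("before:", ssh_egress_cidrs(natsg, PRIVATE_SUBNET))
    fixed = copy.deepcopy(natsg)
    fixed["IpPermissionsEgress"].append(
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": PRIVATE_SUBNET}]})
    print("after: ", ssh_egress_cidrs(fixed, PRIVATE_SUBNET))
```

An empty result means SSH from the bastion to the private subnet will be dropped at the security group, which is the failure the remark above warns about.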

As soon as you have your bastion in place you probably want to create or bootstrap new instances in your private subnet. Knife gives you the possibility to create EC2 instances in both private and public subnets; you only have to specify the right options to the knife command.